Kong removes https when sending request to upsteam service

I am testing a kong ingress to the kubernetes dasboard. I noticed that when my request comes in as https, kong ingress receives it, but then sends on to the dashboard service as http…

[error] 22#0: *16441569 readv() failed (104: Connection reset by peer) while reading upstream, client: 172.16.44.192, server: kong, request: “GET /db HTTP/2.0”, upstream: "http://172.16.127.154:8443

How do I get kong to keep https?

Here is my ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dashboard
annotations:
kubernetes.io/ingress.class: kong
konghq.com/protocol: “https”
namespace: kubernetes-dashboard
spec:
rules:

  • host:mydashboard.test.com
    http:
    paths:
    • path: /db
      pathType: Prefix
      backend:
      service:
      name: kubernetes-dashboard
      port:
      number: 443

And my service:
Name: kubernetes-dashboard
Namespace: kubernetes-dashboard
Labels: k8s-app=kubernetes-dashboard
Annotations:
Selector: k8s-app=kubernetes-dashboard
Type: ClusterIP
IP Families:
IP: 10.109.116.58
IPs: 10.109.116.58
Port: https 443/TCP
TargetPort: 8443/TCP
Endpoints: 172.16.127.154:8443
Session Affinity: None
Events:

The konghq.com/protocol annotation needs to be applied to your Service rather than your Ingress. That controls the protocol the proxy uses for upstream traffic.

Ingresses support a konghq.com/protocols annotation (the names are similar, but not the same–the Service annotation is singular protocol, whereas the Ingress annotation is the plural protocols). That determines which protocols are accepted for inbound client traffic. Setting that to https only will redirect HTTP clients to HTTPS, using the konghq.com/https-redirect-status-code annotation.

Ok, thanks. I will look at that.

Brian


© 2019 Kong Inc.    Terms  •  Privacy  •  FAQ